TS-13 Django JWT Authentication

Uploaded by

Nazmul

Django JWT Authentication
JSON Web Tokens for Secure API Authentication

Program: EDGE-CSE CUET DIGITAL SKILLS TRAINING
Course: Python (Django) [Intermediate]
Lecture: Training Session-13
Date: 26th October, 2024
Duration: (1+1) hours

Instructor: Tanveer Rahman, Sr. Software Engineer, Friends Corp., Chuo-ku, Tokyo, JP
[email protected], 01626735005

Agenda
• What is JWT?
• Why Use JWT for Authentication?
• Setting Up JWT Authentication in Django REST Framework
• Creating and Using JWT Tokens
• Practical Task: Implementing JWT Authentication

What is JWT?
• JWT (JSON Web Token): A compact, URL-safe means of representing claims between two parties.
• JWT Structure: Consists of three parts: Header, Payload, and Signature.
  Header.Payload.Signature
• Encoded as a base64 string.

Why Use JWT for Authentication?
Stateless Authentication:
• Does not require server-side sessions; tokens are self-contained.
Scalability:
• Suitable for microservices and distributed systems.
Security:
• JWTs are signed to ensure data integrity.
• Can include additional claims to manage token expiration and user roles.
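
The Header.Payload.Signature structure and the signing and expiration points above, as an added standard-library sketch (not code from the slides, and not how simplejwt is implemented internally). The key, claim values and function names are constructed for illustration; it shows why a token whose role claim was edited after signing is rejected.

```python
import base64, hashlib, hmac, json, time
KEY = b"constructed-demo-key"  # constructed sample secret, not from the slides

def b64url(data):
    # JWT segments are URL-safe base64 with the "=" padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(claims, key=KEY):
    header = {"alg": "HS256", "typ": "JWT"}
    head, body = (b64url(json.dumps(p, separators=(",", ":")).encode())
                  for p in (header, claims))
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify(token, key=KEY, now=None):
    """Return the claims, or raise ValueError if the token must be rejected."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm server-side; never let the token choose it
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):  # constant-time comparison
        raise ValueError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def swap_claims(token, new_claims):
    # Re-encode only the payload, keeping the old signature (simulates tampering)
    head, _, sig = token.split(".")
    return f"{head}.{b64url(json.dumps(new_claims).encode())}.{sig}"

if __name__ == "__main__":
    claims = {"user_id": 7, "role": "student", "exp": int(time.time()) + 300}
    token = encode(claims)
    for t in (token, swap_claims(token, {**claims, "role": "admin"})):
        try:
            print(verify(t))
        except ValueError as err:
            print("rejected:", err)
```

The payload is only encoded, not encrypted, so anyone holding the token can read its claims; the signature protects integrity, not confidentiality.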

Setting Up JWT Authentication in Django REST Framework
1. Install Required Packages:
• pip install djangorestframework-simplejwt
2. Update Django Settings:
• Add 'rest_framework_simplejwt.authentication.JWTAuthentication' to DEFAULT_AUTHENTICATION_CLASSES in settings.py.

Configuring JWT Settings
• Customizing JWT Settings:

• Explanation:
• ACCESS_TOKEN_LIFETIME: How long an access token remains valid.
• REFRESH_TOKEN_LIFETIME: How long a refresh token remains valid.
• ROTATE_REFRESH_TOKENS: Automatically issue a new refresh token.

Creating JWT Tokens
• Create JWT Views:

• Explanation:
• TokenObtainPairView: Generates access and refresh tokens.
• TokenRefreshView:

Securing Views and Decorators
• Using @permission_classes Decorator:

• Setting Permissions in Views or Viewsets:


Using JWT Tokens in API Requests
• Add Authorization Header:
  Authorization: Bearer <your_access_token>
• Example Using cURL:
  curl -H "Authorization: Bearer <your_access_token>" http://localhost:8000/a

Task 1 - Implementing JWT Authentication (45 mins)
1. Configure JWT in a Django REST Framework project.
2. Set up endpoints for obtaining and refreshing tokens.
3. Secure an existing API endpoint using JWT authentication.
4. Test the protected endpoint by including the JWT in the request header.

Customizing JWT Claims
• Override the TokenObtainPairSerializer:

• Allows adding custom data (claims) to the token.

Task 2 - Custom JWT Claims (30 mins)
1. Modify the token serializer to add custom claims like user role.
2. Implement a protected endpoint that uses these custom claims.
3. Test the endpoint with various users and roles.

Revoking JWT Tokens
• Install Blacklist App:
• pip install djangorestframework-simplejwt[blacklist]
• Enable Token Blacklisting:

• Enable Blacklisting in settings.py:


Logout API Implementation
• Create a View for Logout:

• Retrieves the refresh token from the request and blacklists the token to prevent further use.

Recap
• JWT Overview: Stateless, secure authentication.
• Setting Up JWT: Configure simplejwt in Django.
• JWT in Practice: Obtaining, using, and refreshing tokens.
• Custom Claims and Security: Enhance tokens with additional claims.
• Token Revocation: Manage token blacklisting for logout.

Additional Resources
• Django REST Framework JWT Documentation: https://django-rest-framework-simplejwt.readthedocs.io/
• JWT.io: https://jwt.io/

Q&A Session
